Wrong principal in request
Jeff Blaine
jblaine at kickflop.net
Mon Jan 4 15:29:55 EST 2010
>> Server: CentOS 5.3, MIT Kerberos 1.6.x, Russ Alberry's pam_krb5
>
>> Failure: Aside from GSSAPI not being used...
>
>> sshd[12234]: pam_krb5RA(sshd:auth): pam_sm_authenticate: entry (0x1)
>> sshd[12234]: pam_krb5RA(sshd:auth): (user jblaine) attempting
>> authentication as jblaine at FOO
>> sshd[12234]: pam_krb5RA(sshd:auth): (user jblaine) credential
>> verification failed: Wrong principal in request
>
> Usually this means the principal in the system keytab for your system
> doesn't agree with the hostname or DNS name of the system.
>
Thanks Russ.
* Is there any way to see what principal is expected to be in
the keytab? I've already added host/mega and host/192.168.1.6
to the keytab...
* This is all in a private non-routed testbed network with no
DNS resolution configured. Am I fighting an unwinnable battle
with a testbed like this? I don't want to depend on DNS at
all, and /etc/nsswitch.conf's are configured as such.
Jeff
[ finally subscribed in non-digest mode so he can reply properly ]
More information about the Kerberos
mailing list